CVE-2021-35975
Description
Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a full pathname in GET parameter "file" in URL. Also: affected components in same product - HTTP Adapter (up to v.1.8.0.15), MSSQL MessageBus Proxy (up to v.1.1.06), Financial Calculator (up to v.1.3.05), FIX Adapter (up to v.2.4.0.25)
Impact
Base Score 3.x
5.30
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:systematica:financial_calculator:*:*:*:*:*:*:*:* | 1.3.05 (including) | |
cpe:2.3:a:systematica:fix_adapter:*:*:*:*:*:*:*:* | 2.4.0.25 (including) | |
cpe:2.3:a:systematica:http_adapter:*:*:*:*:*:*:*:* | 1.8.0.15 (including) | |
cpe:2.3:a:systematica:mssql_messagebus_proxy:*:*:*:*:*:*:*:* | 1.1.06 (including) | |
cpe:2.3:a:systematica:radius:*:*:*:*:*:*:*:* | 3.9.256.777 (including) | |
cpe:2.3:a:systematica:smtp_adapter:*:*:*:*:*:*:*:* | 2.0.1.101 (including) |
To consult the complete list of CPE names with products and versions, see this page